pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
43c7060749
vuln-list-alt/oval/p11/ALT-PU-2020-2878/definitions.json
pepelyaevip 9d72b75f75 ALT Vulnerability
2024-12-12 21:07:30 +00:00

232 lines
11 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20202878",
"Version": "oval:org.altlinux.errata:def:20202878",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2020-2878: package `dpdk` update to version 19.11.3-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p11"
],
"Products": [
"ALT Container"
]
}
],
"References": [
{
"RefID": "ALT-PU-2020-2878",
"RefURL": "https://errata.altlinux.org/ALT-PU-2020-2878",
"Source": "ALTPU"
},
{
"RefID": "BDU:2020-03905",
"RefURL": "https://bdu.fstec.ru/vul/2020-03905",
"Source": "BDU"
},
{
"RefID": "BDU:2020-03944",
"RefURL": "https://bdu.fstec.ru/vul/2020-03944",
"Source": "BDU"
},
{
"RefID": "BDU:2020-03962",
"RefURL": "https://bdu.fstec.ru/vul/2020-03962",
"Source": "BDU"
},
{
"RefID": "BDU:2021-00722",
"RefURL": "https://bdu.fstec.ru/vul/2021-00722",
"Source": "BDU"
},
{
"RefID": "BDU:2021-00723",
"RefURL": "https://bdu.fstec.ru/vul/2021-00723",
"Source": "BDU"
},
{
"RefID": "CVE-2020-10722",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-10722",
"Source": "CVE"
},
{
"RefID": "CVE-2020-10723",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-10723",
"Source": "CVE"
},
{
"RefID": "CVE-2020-10724",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-10724",
"Source": "CVE"
},
{
"RefID": "CVE-2020-10725",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-10725",
"Source": "CVE"
},
{
"RefID": "CVE-2020-10726",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-10726",
"Source": "CVE"
},
{
"RefID": "CVE-2022-2132",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-2132",
"Source": "CVE"
}
],
"Description": "This update upgrades dpdk to version 19.11.3-alt1. \nSecurity Fix(es):\n\n * BDU:2020-03905: Уязвимость набора библиотек и драйверов для быстрой обработки пакетов dpdk, связанная с целочисленным переполнением значения, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * BDU:2020-03944: Уязвимость функции vhost_user_set_log_base набора библиотек и драйверов для быстрой обработки пакетов dpdk, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * BDU:2020-03962: Уязвимость модуля vhost-crypto набора библиотек и драйверов для быстрой обработки пакетов dpdk, позволяющая нарушителю получить доступ к конфиденциальным данным\n\n * BDU:2021-00722: Уязвимость модуля vhost-user набора библиотек и драйверов для быстрой обработки пакетов dpdk, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2021-00723: Уязвимость функции virtio_dev_rx_batch_packed набора библиотек и драйверов для быстрой обработки пакетов dpdk, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2020-10722: A vulnerability was found in DPDK versions 18.05 and above. A missing check for an integer overflow in vhost_user_set_log_base() could result in a smaller memory map than requested, possibly allowing memory corruption.\n\n * CVE-2020-10723: A memory corruption issue was found in DPDK versions 17.05 and above. This flaw is caused by an integer truncation on the index of a payload. Under certain circumstances, the index (a UInt) is copied and truncated into a uint16, which can lead to out of bound indexing and possible memory corruption.\n\n * CVE-2020-10724: A vulnerability was found in DPDK versions 18.11 and above. The vhost-crypto library code is missing validations for user-supplied values, potentially allowing an information leak through an out-of-bounds memory read.\n\n * CVE-2020-10725: A flaw was found in DPDK version 19.11 and above that allows a malicious guest to cause a segmentation fault of the vhost-user backend application running on the host, which could result in a loss of connectivity for the other guests running on that host. This is caused by a missing validity check of the descriptor address in the function `virtio_dev_rx_batch_packed()`.\n\n * CVE-2020-10726: A vulnerability was found in DPDK versions 19.11 and above. A malicious container that has direct access to the vhost-user socket can keep sending VHOST_USER_GET_INFLIGHT_FD messages, causing a resource leak (file descriptors and virtual memory), which may result in a denial of service.\n\n * CVE-2022-2132: A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header to DPDK.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2020-09-25"
},
"Updated": {
"Date": "2020-09-25"
},
"BDUs": [
{
"ID": "BDU:2020-03905",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://bdu.fstec.ru/vul/2020-03905",
"Impact": "Low",
"Public": "20200519"
},
{
"ID": "BDU:2020-03944",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://bdu.fstec.ru/vul/2020-03944",
"Impact": "Low",
"Public": "20200519"
},
{
"ID": "BDU:2020-03962",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:N/A:N",
"CVSS3": "AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-190",
"Href": "https://bdu.fstec.ru/vul/2020-03962",
"Impact": "Low",
"Public": "20200519"
},
{
"ID": "BDU:2021-00722",
"CVSS": "AV:L/AC:L/Au:S/C:N/I:N/A:C",
"CVSS3": "AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"CWE": "CWE-190",
"Href": "https://bdu.fstec.ru/vul/2021-00722",
"Impact": "Low",
"Public": "20200520"
},
{
"ID": "BDU:2021-00723",
"CVSS": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"CWE": "CWE-665",
"Href": "https://bdu.fstec.ru/vul/2021-00723",
"Impact": "High",
"Public": "20200520"
}
],
"CVEs": [
{
"ID": "CVE-2020-10722",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-10722",
"Impact": "Low",
"Public": "20200519"
},
{
"ID": "CVE-2020-10723",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-10723",
"Impact": "Low",
"Public": "20200519"
},
{
"ID": "CVE-2020-10724",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-10724",
"Impact": "Low",
"Public": "20200519"
},
{
"ID": "CVE-2020-10725",
"CVSS": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-10725",
"Impact": "High",
"Public": "20200520"
},
{
"ID": "CVE-2020-10726",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-10726",
"Impact": "Low",
"Public": "20200520"
},
{
"ID": "CVE-2022-2132",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"CWE": "NVD-CWE-Other",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-2132",
"Impact": "High",
"Public": "20220831"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:container:11"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20202878001",
"Comment": "dpdk is earlier than 0:19.11.3-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202878002",
"Comment": "dpdk-devel is earlier than 0:19.11.3-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202878003",
"Comment": "dpdk-examples is earlier than 0:19.11.3-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202878004",
"Comment": "dpdk-tools is earlier than 0:19.11.3-alt1"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink